2-4 C60 BREAKER PROTECTION SYSTEM – INSTRUCTION MANUAL
SECURITY CHAPTER 2: PRODUCT DESCRIPTION

• A Role-Based Access Control (RBAC) system that provides a permission model that allows access to UR device operations and configurations based on specific roles and individual user accounts configured on the AAA server (that is, Administrator, Supervisor, Engineer, Operator, Observer roles)
• Security event reporting through the Syslog protocol for supporting Security Information Event Management (SIEM) systems for centralized cybersecurity monitoring
• Strong encryption of all access and configuration network messages between the EnerVista software and UR devices using the Secure Shell (SSH) protocol, the Advanced Encryption Standard (AES), and 128-bit keys in Galois Counter Mode (GCM) as specified in the U.S. National Security Agency Suite B extension for SSH and approved by the National Institute of Standards and Technology (NIST) FIPS-140-2 standards for cryptographic systems

Example: Administrative functions can be segmented away from common operator functions, or engineering type access, all of which are defined by separate roles (see figure) so that access of UR devices by multiple personnel within a substation is allowed. Permissions for each role are outlined in the next section.

Figure 2-2: CyberSentry user roles

The following types of authentication are supported by CyberSentry to access the UR device:
• Device Authentication (local UR device authenticates)
• Server Authentication (RADIUS server authenticates)

The EnerVista software allows access to functionality that is determined by the user role, which comes either from the local UR device or the RADIUS server.

The EnerVista software has a device authentication option on the login screen for accessing the UR device. When the "Device" button is selected, the UR uses its local authentication database and not the RADIUS server to authenticate the user.
In this case, it uses its built-in roles (Administrator, Engineer, Supervisor, Observer, Operator) as login names and the associated passwords are stored on the UR device. As such, when using the local accounts, access is not user-attributable. In cases where user-attributable access is required especially to facilitate auditable processes for compliance reasons, use RADIUS authentication only.

When the "Server" Authentication Type option is selected, the UR uses the RADIUS server and not its local authentication database to authenticate the user.

No password or security information is displayed in plain text by the EnerVista software or UR device, nor is such information ever transmitted without cryptographic protection.

CyberSentry user roles

CyberSentry user roles (Administrator, Engineer, Operator, Supervisor, Observer) limit the levels of access to various UR device functions. This means that the EnerVista software allows for access to functionality based on the user’s logged in role.

Example: Observer cannot write any settings.

The table lists user roles and their corresponding capabilities.

[Figure 842838A2.CDR: Administrator, Engineer, Supervisor, Operator, Observer]
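
Because Device authentication uses the built-in role names as login names, a SIEM receiving the Syslog feed can flag non-attributable access by matching the login name against those five roles. The following is an added example, not code from the manual or from GE; the key=value message layout, host names and addresses are constructed for illustration and are not the UR device's actual Syslog format.

```python
import re

# The five built-in roles the manual says double as local login names.
BUILTIN_ROLES = {"administrator", "engineer", "supervisor", "operator", "observer"}

# Constructed sample events. The key=value layout is an assumption made for
# this example; it is NOT the UR device's real Syslog message format.
SAMPLE_EVENTS = [
    "<86>Mar  3 08:15:02 relay-c60-01 auth: event=login result=success user=Engineer origin=10.1.4.20",
    "<86>Mar  3 08:17:40 relay-c60-01 auth: event=login result=success user=jsmith origin=10.1.4.21",
    "<84>Mar  3 08:21:11 relay-c60-02 auth: event=login result=failure user=Administrator origin=10.1.4.99",
    "<84>Mar  3 09:02:55 relay-c60-02 auth: event=settings_write result=denied user=OBSERVER origin=10.1.4.20",
    "<86>Mar  3 09:05:00 relay-c60-01 auth: free-text line without fields",
]

# RFC 3164-style header: <PRI>timestamp host tag: body
HEADER = re.compile(r"^<(\d{1,3})>(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s(\S+?):\s(.*)$")
FIELD = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Split one line into header values plus the key=value fields of the body."""
    m = HEADER.match(line)
    if not m:
        return None  # not a line in the assumed layout
    _pri, timestamp, host, _tag, body = m.groups()
    fields = dict(FIELD.findall(body))
    fields.update(host=host, timestamp=timestamp)
    return fields


def non_attributable(lines):
    """Return events whose login name is a built-in role (a shared local account)."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if not ev or "user" not in ev:
            continue  # nothing to attribute; skip rather than guess
        # Case-insensitive match is a conservative choice for detection.
        if ev["user"].lower() in BUILTIN_ROLES:
            findings.append((ev["timestamp"], ev["host"], ev["user"],
                             ev.get("event"), ev.get("result")))
    return findings


if __name__ == "__main__":
    for finding in non_attributable(SAMPLE_EVENTS):
        print(finding)
```

Where RADIUS-only authentication is the site policy, any finding from this check indicates a login through the "Device" option and is worth an alert.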